• Stars
    star
    3,596
  • Rank 12,330 (Top 0.3 %)
  • Language
    C
  • License
    GNU General Publi...
  • Created over 10 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Protect yourself against DNS poisoning in China.

ChinaDNS

Build Status Coverage Status

Traditional way to bypass DNS poisoning is to send all queries to a foreign DNS server via VPN. However some Chinese websites will get bad results if they have CDNs outside the country.

The second way is to maintain a list of domains of which you want to resolve from local DNS or foreign DNS. This list changes too often, taking too much effort to maintain.

ChinaDNS automatically queries local DNS servers to resolve Chinese domains and queries foreign DNS servers to resolve foreign domains. It is smart enough to work only with a Chinese IP range file, which doesn't change often.

In order to bypass IP blocking, you SHOULD use VPN software like ShadowVPN.

Install

  • Linux / Unix

    Download a release.

      ./configure && make
      src/chinadns -m -c chnroute.txt
    
  • OpenWRT

    • Download precompiled for OpenWRT trunk and CPU: ar71xx, brcm63xx, brcm47xx, ramips_24kec. Open an issue if you think your CPU is a popular one but not listed here.

    • If you use other CPU or other OpenWRT versions, build yourself: cd into SDK root, then

        pushd package
        git clone https://github.com/clowwindy/ChinaDNS.git
        popd
        make menuconfig # select Network/ChinaDNS
        make -j
        make V=99 package/ChinaDNS/openwrt/compile
      
  • Tomoto

    • Download Tomato toolchain, build by yourself.

    • Uncompress the downloaded file to ~/.

    • Copy the brcm directory under ~/WRT54GL-US_v4.30.11_11/tools/ to /opt, then

        export PATH=/opt/brcm/hndtools-mipsel-uclibc/bin/:/opt/brcm/hndtools-mipsel-linux/bin/:$PATH
        git clone https://github.com/clowwindy/ChinaDNS.git
        cd ChinaDNS
        ./autogen.sh && ./configure --host=mipsel-linux --enable-static && make
      
  • Windows

    Download Python exe version.

Usage

  • Linux / Unix Recommand using with option "-m" (DNS pointer mutation method) Run sudo chinadns -m -c chnroute.txt on your local machine. ChinaDNS creates a UDP DNS Server at 0.0.0.0:53.

  • OpenWRT

      opkg install ChinaDNS_1.x.x_ar71xx.ipk
      /etc/init.d/chinadns start
      /etc/init.d/chinadns enable
    

    Invoke the "enable" command to run the initscript on boot

    (Optional) We strongly recommend you to set ChinaDNS as a upstream DNS server for dnsmasq instead of using ChinaDNS directly:

    1. Run /etc/init.d/chinadns stop

    2. Remove the 2 lines containing iptables in /etc/init.d/chinadns.

    3. Update /etc/dnsmasq.conf to use only 127.0.0.1#5353:

       no-resolv
       server=127.0.0.1#5353
      
    4. Restart chinadns and dnsmasq

Test if it works correctly:

$ dig @192.168.1.1 www.youtube.com -p5353
; <<>> DiG 9.8.3-P1 <<>> @127.0.0.1 www.google.com -p5353
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29845
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.youtube.com.		IN	A

;; ANSWER SECTION:
www.youtube.com.	21569	IN	CNAME	youtube-ui.l.google.com.
youtube-ui.l.google.com. 269	IN	A	216.58.220.174

;; Query time: 74 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Fri Jan 30 18:37:57 2015
;; MSG SIZE  rcvd: 83

Currently ChinaDNS only supports UDP. Builtin OpenWRT init script works with dnsmasq, which handles TCP. If you use it directly without dnsmasq, you need to add a redirect rule for TCP:

iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53

Advanced

usage: chinadns [-h] [-l IPLIST_FILE] [-b BIND_ADDR] [-p BIND_PORT]
       [-c CHNROUTE_FILE] [-s DNS] [-v]
Forward DNS requests.

-h, --help            show this help message and exit
-l IPLIST_FILE        path to ip blacklist file
-c CHNROUTE_FILE      path to china route file
                      if not specified, CHNRoute will be turned off
-d                    enable bi-directional CHNRoute filter
-y                    delay time for suspects, default: 0.3
-b BIND_ADDR          address that listens, default: 127.0.0.1
-p BIND_PORT          port that listens, default: 53
-s DNS                DNS servers to use, default:
                      114.114.114.114,208.67.222.222:443,8.8.8.8
-m                    Using DNS compression pointer mutation
                      (backlist and delaying would be disabled)
-v                    verbose logging

About chnroute

You can generate latest chnroute.txt using this command:

curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt

License

Copyright (C) 2015 clowwindy

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Bugs and Issues

Please visit Issue Tracker

Mailing list: http://groups.google.com/group/shadowsocks

More Repositories

1

shadowsocks-windows

A C# port of shadowsocks
C#
58,398
star
2

shadowsocks-android

A shadowsocks client for Android
Kotlin
35,072
star
3

shadowsocks

Python
33,580
star
4

ShadowsocksX-NG

Next Generation of ShadowsocksX
Swift
32,386
star
5

shadowsocks-rust

A Rust port of shadowsocks
Rust
8,442
star
6

shadowsocks-iOS

Removed according to regulations.
Objective-C
8,181
star
7

shadowsocks-qt5

A cross-platform shadowsocks GUI client
C++
7,971
star
8

shadowsocks-go

go port of shadowsocks (Deprecated)
Go
6,610
star
9

shadowsocks-manager

A shadowsocks manager tool for multi user and traffic control.
JavaScript
4,116
star
10

openwrt-shadowsocks

Shadowsocks-libev for OpenWrt/LEDE
Makefile
3,249
star
11

v2ray-plugin

A SIP003 plugin based on v2ray
Go
2,689
star
12

simple-obfs

A simple obfuscating tool (Deprecated)
C
2,361
star
13

shadowsocks-gui

Shadowsocks GUI client
CoffeeScript
2,013
star
14

libQtShadowsocks

A lightweight and ultra-fast shadowsocks library written in C++14 with Qt framework
C++
1,500
star
15

shadowsocks-nodejs

CoffeeScript
1,246
star
16

luci-app-shadowsocks

OpenWrt/LEDE LuCI for Shadowsocks-libev
Lua
1,149
star
17

shadowsocks-org

www.shadowsocks.org
HTML
877
star
18

ChinaDNS-Python

Protect yourself against DNS poisoning in China.
Python
767
star
19

shadowsocks-chromeapp

Chrome client for shadowsocks
CoffeeScript
698
star
20

kcptun-android

kcptun for Android.
Shell
570
star
21

simple-obfs-android

A simple obfuscating tool for Android
C
440
star
22

v2ray-plugin-android

A SIP003 V2ray plugin on Android
Kotlin
439
star
23

crypto2

The fastest cryptographic library in the galaxy
Rust
350
star
24

ShadowDNS

A DNS forwarder using Shadowsocks as the server
Python
334
star
25

papers

List of papers related to shadowsocks
211
star
26

shadowsocks-dotcloud

a port of shadowsocks via websockets protocol, able to tunnel through HTTP proxy
CoffeeScript
202
star
27

shadowsocks-hub

A web app managing shadowsocks users, servers, nodes, products, accounts, and traffic. Suitable for internal use by companies, organizations, and friends.
JavaScript
133
star
28

qtun

Yet another SIP003 plugin based on IETF-QUIC
Rust
122
star
29

shadow-shop

Building highly customizable e-commerce websites selling shadowsocks services, using Wordpress and WooCommerce
PHP
107
star
30

tun2socks-iOS

tun2socks as a library for iOS apps
96
star
31

Shadowsocks-Net

✈ A light-weight, cross-platform, extensible Shadowsocks developed in C# (.NET Core).
C#
95
star
32

shadowsocks-restful-api

Secure, reliable, standard restful api for managing shadowsocks-libev
JavaScript
83
star
33

stackscript

Shell
73
star
34

libsscrypto

Build libsscrypto.dll for shadowsocks-windows.
C
61
star
35

iptables

iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators.
C
56
star
36

openwrt-feeds

OpenWrt/LEDE feeds
Makefile
54
star
37

shadowsocks-crypto

Shadowsocks Crypto
Rust
46
star
38

libev

A fork of libev
Shell
37
star
39

sysproxy

System Proxy Agent for Shadowsocks Windows
C
32
star
40

shadowsocks-hub-api

A set of open and standard restful APIs for managing shadowsocks users, servers, nodes, products, accounts, and traffic.
JavaScript
27
star
41

openssl-android

A fork of OpenSSL for shadowsocks-android
C
27
star
42

tun2socks

Rust
25
star
43

android-ndk-go

Circle CI Android image with NDK and golang + rust, for building golang and/or rust for NDK.
Dockerfile
20
star
44

libudns

A fork of libudns
C
13
star
45

overture-android

A wrapper of overture for shadowsocks-android
Shell
10
star
46

tls

TLS version 1.3
Rust
8
star
47

iana-ip-db

IANA IP Number Resources
Rust
5
star